[OGo-Users] LDAPInitialBindSpecific not working
Torsten Becker
users@opengroupware.org
Sat, 03 Mar 2007 11:27:58 +0100
Adam Tauno Williams wrote:
>> I'm configuring OGo 1.0 to authenticate against LDAPv3 (OpenLDAP) by using the
>> LDAPInitialBind settings as instructed in this manual:
>> http://docs.opengroupware.org/Members/whitemice/wmogag/download. Here's what
>> I have in NSGlobalDomain.plist (don't worry, I'm only using the root account
>> temporarily for testing):
>> LSAuthLDAPServer = "ldap.foo.bar";
>> LSAuthLDAPServerRoot = "dc=foo,dc=bar";
>> LSAuthLDAPServerPort = 389;
>> LDAPLoginAttributeName = "uid";
>> DisablePasswordModification = YES;
>> LDAPInitialBindSpecific = YES;
>> LDAPInitialBindDN = "uid=root,ou=people,dc=foo,dc=bar";
>> LDAPInitialBindPW = "xxx";
>> When I enable 'allow bind_v2' in slapd.conf I am able to log in via
>> http://ldap.foo.bar/OpenGroupware, but without it and using the above
>> settings login attempts fail and nothing even appears in the LDAP server's
>> syslog.
>>
>
> That seems very odd: "nothing even appears in the LDAP server's syslog"
>
> What is value of the DSA's loglevel directive? I'm on the road today,
> but off the top of my head I think you want 128+32+8 as a minimum in
> order to figure out what is going on. Since it looks like you are on
> the same machine, and thus using ethereal/wireshark is probably out, you
> can throw in +2 if you want to see the packets.
>
> And if you are logging to syslog make sure syslog isn't ditching traffic
> below a certain level.
>
> A rule like:
> local4.* -/var/log/ldap
> - is a good idea.
>
>> Any clues?
>>
>
>
I am trying to do the same setup, just for authenticating against Kerberos with
users in LDAP.
I figured out that the syntax
LDAPInitialBindSpecific = YES;
sounds right for "Defaults read", but the InitialBind will not work.
If you remove the '=' then it should work; it does in my setup.
LDAPInitialBindSpecific YES;
Greetz, Torsten
--
---
net-concept T. Becker
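
The loglevel arithmetic from the quoted reply (128+32+8, optionally +2), as an added example that is not part of the original messages: it decodes a slapd.conf loglevel value and reports which of the suggested levels are still missing. The level names and bit values are assumed to follow slapd.conf(5); the function names are hypothetical and the sample configuration is constructed.

```python
import re

# Bit values and keywords for slapd's loglevel, per slapd.conf(5).
LEVELS = {
    "trace": 1, "packets": 2, "args": 4, "conns": 8, "ber": 16,
    "filter": 32, "config": 64, "acl": 128, "stats": 256, "stats2": 512,
    "shell": 1024, "parse": 2048, "sync": 16384, "none": 32768,
}
# Minimum suggested in the thread for tracing a bind: ACL + filter + conns.
BIND_DEBUG_MINIMUM = 128 + 32 + 8

def parse_loglevel(args):
    """OR the tokens of one loglevel directive: decimal, 0x hex or keywords."""
    mask = 0
    for token in args.split():
        key = token.lower()
        if key == "any":          # shortcut for every level (-1)
            return -1
        mask |= LEVELS[key] if key in LEVELS else int(token, 0)
    return mask

def describe(mask):
    """Names of the levels enabled in mask, sorted."""
    return sorted(name for name, bit in LEVELS.items() if mask & bit)

def missing_for_bind_debug(mask):
    """Levels from the thread's minimum that mask does not enable."""
    return describe(BIND_DEBUG_MINIMUM & ~mask)

def loglevel_from_conf(text):
    """Mask of the first loglevel directive in slapd.conf text, or None."""
    for line in text.splitlines():
        m = re.match(r"loglevel\s+(.+)", line, re.IGNORECASE)
        if m:
            return parse_loglevel(m.group(1))
    return None

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """\
allow bind_v2
loglevel stats
"""

if __name__ == "__main__":
    mask = loglevel_from_conf(SAMPLE_CONF)
    print("enabled:", describe(mask))
    print("add for bind debugging:", missing_for_bind_debug(mask))
    print("thread minimum + packets:", describe(parse_loglevel("168 2")))
```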